Recent Buck survey finds HIPAA compliance lacking for health plan sponsors


The 2019 Buck HIPAA Readiness Survey confirms that health plan sponsors still struggle with HIPAA compliance.

Buck researchers set out to gauge the industry’s adherence to HIPAA against a backdrop of increased enforcement and investigation by the U.S. Department of Health and Human Services (HHS).

The results were alarming.

Survey Results

The survey was conducted in April/May 2019, and its findings—particularly on risk assessment, business associates, employee training, and breach notification—show not only a lack of compliance but a lack of understanding of what compliance requires.

One-third of respondents were unsure when their organization last performed a risk assessment; an additional 10% (42% in total) believed the last assessment was more than five years old.

Only 39% had updated their security policies and procedures within the last year, and employee training followed the same trend.

35% of respondents last offered training one to five years ago, 13% said their organization provides training only when an employee first starts, and 10% were not sure when it was last provided.

Similarly, 33% either had not inventoried their business associates (BAs) or were uncertain whether an inventory had ever been done.

16% were unsure whether they had current business associate agreements (BAAs) in place, and 3% knew that no current agreement existed.

Finally, about three-quarters of respondents did have a breach notification policy in place, but 10% had no such policy and 16% were unsure whether one existed.

What can we learn

The results should be a warning to the health industry: the numbers suggest that barely half of the respondents meet even the basic HIPAA requirements the survey asked about.


It is essential for all health organizations to learn, understand, and implement the HIPAA regulations, not only to protect patient privacy but to protect themselves from breaches and enforcement action.

Organizations must build policies and procedures that address each aspect of HIPAA; then they must effectively communicate, follow, and monitor them.

Updates must occur after regulation changes, organizational developments (whether technological, environmental, or business-related), and violations or breaches.

Finally, organizations must perform risk analyses and employee training on a recurring basis and test whether they are actually effective. Risk analysis is a required implementation specification under the HIPAA Security Rule (45 CFR 164.308(a)(1)(ii)(A)), so an organization that cannot say when it last performed one is not merely behind; it is out of compliance.

A strong security program, combined with technology such as Paubox’s HITRUST CSF certified solutions, provides the protection an industry handling such sensitive data needs.

About the author

Kapua Iao
